Some requests require authentication to ensure that the client requests access data securely. In Insomnia, you can configure different authentication types and parameters when you send a request so that it can authenticate.
The Insomnia UI provides a simplified configuration for request authentication. It pre-populates the parameters when you select an auth type so you only have to fill in the values.
Navigate to a request in a collection, click the Auth tab below your request, and select an authentication type from the dropdown menu.
The following authentication types are supported for request authentication in Insomnia:
Request authentication requires the client to validate their identity in some way before they can access the resources from the server.
The following diagram shows how basic auth works when it’s required as part of request authentication:
sequenceDiagram
participant Client
participant Server
Client->>Server: Requests a protected resource
Server->>Client: Requests username and password
alt Correct credentials sent
Client->>Server: Sends username and password
Server->>Client: Returns requested resource
else Wrong credentials sent
Client->>Server: Sends wrong username and password
Server->>Client: Returns 401 Unauthorized status code
end
What should I do if I see SSL certificate errors in Insomnia?
If you encounter errors like:
Error: unable to verify the first certificate
or
Error: Hostname/IP doesn't match certificate's altnames
This likely means you’re using an invalid or self-signed certificate, which is a common issue with local development servers.
To bypass this, go to Settings and disable the Validate SSL Certificates option.